"Centralized policy" is the concept of controlling distributed policy execution from a centralized location. This concept enables the policy owner to easily control the rules that are evaluated in each run of Datree without creating operation overhead. The centralized policy can be managed by logging into the dashboard.
In the dashboard, each of the 30 built-in rules can be switched "ON" or "OFF" according to your needs. Once a rule is disabled or enabled, it will automatically propagate to all policy checks that are executed against that policy (via account token). This way, the policy owner doesn't need to manually update all the devices connected to this policy.
To help the policy owner to educate the policy consumers (e.g. developers, teammates, etc.), why and how they should fix their misconfigurations, the text that is shown in the CLI, when a rule is failing, is editable.
Before edit ➡️
After edit ➡️
Add policies with different rules configured, giving each of your use cases its own custom policy.
Create a new policy and give it a descriptive name.
By default, each new policy is created without any rules enabled, giving you the freedom to configure it according to your needs.
To run the Datree CLI against the new policy (instead of the default one), you will need to add the `-p [policy-name]` to your policy check execution (e.g. $ datree test ~/.datree/k8s-demo.yaml -p A_team)